You want to block all sub-domains of a specific website.

Or

You want to use a wildcard in a domain.

Or

You want to allow a domain while still blocking the Parent domain. 

Or 

You want to block a TLd (Top Level Domain).

The Web Security Service does not support wildcard domains.

You should include only the top-level domain. The policy will match all subdomains.

Tip: You can use rule ordering logic to ensure other subdomains apply a different policy

#Rule 1 test.example.com BLOCK

#Rule 2 example.com ALLOW

This will result in example.com being allowed but test.example.com still being blocked.

The same concept also works with Top Level domains, for instance

#Rule 1 com BLOCK 

Will result in google.com being blocked 

Previous article name:

 (Cloud) Is wildcard "*" supported in URL object for policy?